Bug #35359

Make the Http Proxy store a CA certificate

Added by Partha Aji 4 months ago. Updated 1 day ago.

Status: Closed
Priority: Normal
Assignee:
Category: Proxy gateway
Target version: -
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

When talking over an https proxy, 2 certificates have to be addressed:
  1. CA Cert of the Proxy
  2. CA Cert of the destination URL (assuming it's https).

Currently HTTP Proxies require both of these certificates to be in the system's default trust store to connect to EC2/other compute providers.

A better approach would be to store the CA Cert of the https proxy in the database instead of the trust store. When talking to EC2 we can narrow down the certificates in the chain to the one from the proxy + certificates in the system trust store.
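The trust model described above, sketched as an added example that is not Foreman's code or part of the original report: a store built from the system defaults plus only the CA bundle saved for the proxy. The helper names `certs_from_bundle`, `proxy_trust_store` and `make_cert` are hypothetical, and the CA and proxy certificates are constructed sample data.

```ruby
require 'openssl'

# Hypothetical helper (not Foreman's code): split a PEM bundle, as it might be
# stored in an http proxy's cacert column, into individual certificates.
def certs_from_bundle(pem_bundle)
  pem_bundle.to_s.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
            .map { |pem| OpenSSL::X509::Certificate.new(pem) }
end

# System trust store plus the proxy's CA certificate(s), nothing else.
def proxy_trust_store(pem_bundle)
  store = OpenSSL::X509::Store.new
  store.set_default_paths
  certs_from_bundle(pem_bundle).each do |cert|
    begin
      store.add_cert(cert)
    rescue OpenSSL::X509::StoreError => e
      # Older OpenSSL rejects a CA that is already in the store; skip only that case.
      raise unless e.message.include?('cert already in hash table')
    end
  end
  store
end

# Constructed sample data: a throwaway CA and a proxy leaf certificate it signs.
def make_cert(cn, key, issuer_cert: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert('Example Proxy CA (constructed)', CA_KEY, ca: true)
PROXY_CERT = make_cert('proxy.example.test', OpenSSL::PKey::RSA.new(2048),
                       issuer_cert: CA_CERT, issuer_key: CA_KEY)
```

A store returned by `proxy_trust_store` can be assigned to `cert_store` on a `Net::HTTP` connection or an `OpenSSL::SSL::SSLContext`, so the proxy CA is trusted for that connection only and never has to be installed system-wide.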

Associated revisions

Revision ee9fe3a7 (diff)
Added by Partha Aji 3 months ago

Fixes #35359 - Add cacert to http proxy (#9348)

This PR adds a cacert column to the http proxy and uses this for
connecting to ec2 and other compute resources. This would also be used
by katello/other plugins when communicating to the CDN over an https
proxy

Revision 4a49fd01 (diff)
Added by Partha Aji 3 months ago

Refs #35359 - cleaner add_ca_bundle_to_store

History

#1 Updated by The Foreman Bot 4 months ago

  • Assignee set to Partha Aji
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/9348 added

#2 Updated by The Foreman Bot 3 months ago

  • Fixed in Releases 3.5.0 added

#3 Updated by Partha Aji 3 months ago

  • Status changed from Ready For Testing to Closed

#4 Updated by The Foreman Bot 3 months ago

  • Pull request https://github.com/theforeman/foreman/pull/9355 added

#5 Updated by Partha Aji 2 months ago

  • Bugzilla link set to 2112098

#6 Updated by Ewoud Kohl van Wijngaarden 1 day ago

  • Triaged changed from No to Yes
